diff options
author | Eric Dumazet <edumazet@google.com> | 2017-03-21 19:22:28 -0700 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2017-03-30 09:35:14 +0200 |
commit | 38dece41e5be77478b333db580b5e171b136befa (patch) | |
tree | 508150cf5f1150e72e94f6707504b96a1d997e03 /drivers/mcb | |
parent | 85f00dac91a1047b57e600df9636c8408f70001f (diff) | |
download | linux-stable-38dece41e5be77478b333db580b5e171b136befa.tar.gz linux-stable-38dece41e5be77478b333db580b5e171b136befa.tar.bz2 linux-stable-38dece41e5be77478b333db580b5e171b136befa.zip |
ipv4: provide stronger user input validation in nl_fib_input()
[ Upstream commit c64c0b3cac4c5b8cb093727d2c19743ea3965c0b ]
Alexander reported a KMSAN splat caused by reads of uninitialized
field (tb_id_in) from user provided struct fib_result_nl
It turns out nl_fib_input() sanity tests on user input is a bit
wrong :
User can pretend nlh->nlmsg_len is big enough, but provide
at sendmsg() time a too small buffer.
Reported-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/mcb')
0 files changed, 0 insertions, 0 deletions